0

Description - There is an intranet web application hosted on a WebSSO server. When I manually type in the URL in a browser, the server recognizes me as a valid user and lets me into the website. The authentication is automatically done by using my Windows credentials. I do not have to fill out a login form or anything like that.

Problem - I am trying to make a HTTP GET request to the same URL. The server does not recognize me as a valid user and I get a 401 error.I am trying to do what is described here

My research so far - Looks like my Java session is not the same as my browser session. I looked at my browser's request headers. These headers automatically have a CTSession in the cookie when I manually navigate to the URL(CTSession is unique for every login and is generated dynamically). How do I make the server recognize my Java session as a valid one. What kind of headers do I need in my HTTP GET request? I have already tried the following and it did not work. I get the 401 error

1- con.setRequestProperty("Authorization", new String(Base64.encodeBase64(("username" + ":" + "password").getBytes());

2- Opening a connection to a URL of the below format.

url = "https://fullPath/j_security_check?j_username=username&j_password=pwd

Community
  • 1
  • 1
ssk0003
  • 1
  • 3
  • 1
    You will need to look at http://stackoverflow.com/questions/15020734/using-ntlm-authentication-in-java-applications as you should be using NTLM. This will use the user credentials, like the browser does, to make the call. – Ewald Apr 08 '15 at 20:13
  • Not necessarily NTLM will be used. The authentication protocol will be a factor of the application. It likely will not be NTLM but probably NTLM2 or Kerberos. Implementation will depend on what is being used. – Necreaux Apr 08 '15 at 20:16
  • The application is protected by WebSSO. I did not realize that SSO and WebSSO are two different things. – ssk0003 Apr 08 '15 at 20:42

0 Answers0